Page MenuHomePhabricator
Create Task
Maniphest T213569

add Greg Grossmeier to Phabricator admins group
Closed, ResolvedPublic
Actions

Description

The other day a user asked for 2fa reset on Phabricator and Greg wanted to help with it but he could not ssh to the Phabricator server to run the needed shell command.

I checked and saw that while he is in several admin groups he is not in the one made for Phabricator actions like this, phabricator-admins.

So i made https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/483623/ to suggest adding him.

Realizing that access requests need tickets, here is the one to go with it.

There are already +1s on Gerrit including the current sole member of the group, Andre Klapper.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform.
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - sudo requests: all sudo requests require explicit approval during the weekly operations team meeting. No sudo requests will be approved outside of those meetings without the direct override of the Director of Operations.
  • - [Patchset for access request]

Details

SubjectRepoBranchLines +/-
admins: add Greg to phabricator-adminsoperations/puppetproduction+1 -1
Customize query in gerrit

Event Timeline

Dzahn created this task.Jan 11 2019, 5:45 PM
Restricted Application added a project: SRE. · View Herald TranscriptJan 11 2019, 5:45 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Dzahn triaged this task as Medium priority.Jan 11 2019, 5:45 PM
gerritbot subscribed.Jan 11 2019, 5:46 PM

Change 483623 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: add Greg to phabricator-admins

https://gerrit.wikimedia.org/r/483623

gerritbot added a project: Patch-For-Review.Jan 11 2019, 5:46 PM
Aklapper awarded a token.Jan 11 2019, 6:32 PM
herron updated the task description. (Show Details)Jan 11 2019, 6:34 PM
herron subscribed.

Adding the usual checklist, even though it's nearly all done. Since this involves sudo privs it's been flagged for review/approval during the next SRE meeting which happens on Monday the 14th. The on-duty SRE will follow up after then. Thanks!

herron moved this task from Untriaged to Group Manager Approval Pending on the SRE-Access-Requests board.Jan 11 2019, 6:35 PM
gerritbot added a comment.Jan 14 2019, 7:13 PM

Change 483623 merged by Dzahn:
[operations/puppet@production] admins: add Greg to phabricator-admins

https://gerrit.wikimedia.org/r/483623

Dzahn updated the task description. (Show Details)Jan 14 2019, 7:14 PM
Dzahn closed this task as Resolved.Jan 14 2019, 7:18 PM
Dzahn claimed this task.
Dzahn added a subscriber: greg.
[phab1001:~] $ id gjg
uid=2890(gjg) gid=500(wikidev) groups=500(wikidev),746(phabricator-admin)

@greg Should work now!

Dzahn removed a project: Patch-For-Review.Jan 14 2019, 7:18 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL